Objective: Generate TOTP (Time-based One-Time Password) codes on Linux.
On mobile phones, apps like Google Authenticator or Authy can be used to generate 2-step verification codes. To generate the same verification codes on Linux, you can use a utility called oathtool.
To install oathtool, use one of the following commands based on your distro.
On Debian based systems:
    $ sudo apt-get install oathtool
On RedHat based systems:
    $ sudo yum install oathtool
To generate the one-time password, you will need the shared secret key of the account that you are generating the password for. TOTP URLs have the following format:
    otpauth://totp/Google:alice@google.com?secret=KY3OUPMUYWCKS53F&issuer=Google
The secret key is KY3OUPMUYWCKS53F for the above URL. It is base32 encoded by default. You will be able to get the URL by using a QR code scanner during 2-step verification setup.
Once you have the secret key, run oathtool with the following command syntax.
    $ oathtool --totp -b -d 6 KY3OUPMUYWCKS53F
The above command switches oathtool to TOTP mode (--totp), treats the key as base32 encoded (-b) and displays a 6-digit OTP (-d 6).
Since TOTP codes are generated based on the current timestamp, the system time must be accurate in order for oathtool to generate valid verification codes. If oathtool is generating invalid codes, check your system time.
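Added example (not from the original page and not oathtool's own code): the computation behind "oathtool --totp -b -d 6", written in Python so the role of the system clock is visible. The function names secret_from_otpauth and totp are chosen here; the code assumes HMAC-SHA1 and a 30-second time step, and the second key is the RFC 6238 test key, used because its expected codes are published.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlparse

PAGE_URI = "otpauth://totp/Google:alice@google.com?secret=KY3OUPMUYWCKS53F&issuer=Google"
# RFC 6238 Appendix B test key (ASCII "12345678901234567890"), base32 encoded.
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def secret_from_otpauth(uri):
    """Extract the base32 secret from an otpauth://totp/... URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not an otpauth TOTP URI")
    params = parse_qs(parsed.query)
    if "secret" not in params:
        raise ValueError("URI has no secret parameter")
    return params["secret"][0]


def totp(secret_b32, at=None, digits=6, step=30):
    """Compute an RFC 6238 TOTP code (HMAC-SHA1) for Unix time `at`."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)       # restore stripped base32 padding
    key = base64.b32decode(cleaned)
    now = time.time() if at is None else at
    counter = int(now) // step                  # 30-second window number
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    secret = secret_from_otpauth(PAGE_URI)
    print("code for the page's example key, now:", totp(secret))
    # Same 30-second window -> same code; a different window -> different code.
    print("t=30:", totp(RFC_SECRET, at=30), " t=59:", totp(RFC_SECRET, at=59))
    print("t=1111111109:", totp(RFC_SECRET, at=1111111109))
```

Only the 30-second window number derived from the clock enters the HMAC, which is why a skewed system time yields codes the server rejects.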